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Security attacks increased in network day by day. Black hole 
attack is a software tool to generate the webpage attack. 
Black hole attacks are simply referred to the drive by attack 
(Drive by attack occur when user visit the malicious 
webpage).There is various tool used in the black hole attack. 
Firesheep is one of the tool used to create the attack and it 
having high vulnerability chances then independent of all 
operating system. This paper proposed, the attacks are 
detected by using the blacksheep tool in which gives the alert 
message of somebody using the firesheep in this network. 
Finally prevent the webpage by using CPU emulator. In this 
emulator having the emulation algorithm used to prevent the 
webpage. The emulation algorithm works based on automata 
theory. It can get the source code and execute the decoding 
procedure by reading instruction by instruction. 
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INTRODUCTION 

The information revolution and the spread of Internet are stimulating globalization 
and allowing corporations to conduct business around the world. Communication 
technologies improve the productivity, efficiency and competitiveness of organizations 
around the globe. The increasing number of transactions, enormous amounts of data with 
varying degrees of protection is flowing over the Internet. Consumers entering highly 
confidential information. Five requirements of a secure transaction. 
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• Privacy — information not read by third party 

• Integrity — information not compromised or altered 

• Authentication - sender and receiver prove identities 

• Non-repudiation — legally prove message was sent and received 

• Availability — Computer systems continually accessible 

But there are various security attacks to be involved in network such as, Denial of 
service attacks- Use a network of computers to overload servers and cause them to crash or 
become unavailable to legitimate users, flood servers with data packets, alter routing tables 
which direct data from one computer to another distributed denial of service attack comes 
from multiple computers. Viruses- Computer programs that corrupt or delete files Sent as 
attachments or embedded in other files. Worm-Can spread itself over a network, doesn’t 
need to be sent. Web defacing- Hackers illegally change the content of a web site, In this 
paper to be taken by the denial service attack. 

BLACK HOLE ATTACK 

Block hole attack is one of the denial service attack^, 

2.1 Work Flow 

An 'exploit kit’ is a software tool used by attackers to get other software installed on 
a victim’s PC. This other software can perform a wide range of tasks, usually malicious. So, 
an exploit kit such as Blackhole contains a range of different payloads and the user selects 
the ones desired and the intended target or type of target. Blackhole then delivers the 
selected payload and the payload conducts its attack on the infected device, as described 
below-Exploit kits are sold online to anyone who wishes to use one. The kits normally 
exploit known security holes in the versions of software installed on victim’s devices,for 
example web browsers, to deliver the malicious payload selected by the user of the exploit 
kit. The older the browser version, the more likely it is to contain known holes and so 
updating browsers and other software regularly is a key defence against Blackhole-type 
attack. The person or persons who wrote the Blackhole code are not the person or persons 
who use it to attack targets. They are simply in the business of creating and selling their 
exploit kit as a service to other cybercriminals. Exploit kit developers deliver, package, and 
sell their kits in a model that is very similar to the SaaS (Software as a Service) model and 
this is therefore often referred to as CaaS (crime as a service). A would-be cybercriminal 
purchases a license to use Blackhole or any other such exploit kit, for a period of time. The 
costs and licence options vary between different kits and some kits even include software 
updates, while others are available at a premium to include the most modern exploits that 
can bypass even up-to-date anti-malware applications. ‘Drive-by’ attacks are currently the 
predominant form of web attack. (Drive-by attacks occur when a user visits a malicious 
webpage and is infected without taking any of the conventional actions, such as 
downloading a file). Almost half of all drive-by attacks are facilitated by the use of the 
Blackhole exploit kit. There are five stages to create a black hole attack. 

• Stage 1: Initial contact with the victim. 

• Stage 2: Drawing the victim to an'exploit site’. 

• Stage 3: Investigation of the victim’s device and software to identify possible exploits; 
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• Stage 4: Delivery of the appropriate malware to the victim’s device. 

• Stage 5: Execution of the malware payload. This in itself can be a multi-stage 
process. 

during transmission 

Attacks on data in storage or_ 



be transmitted 

SECURE ROUTING PROTOCOL 

Secure routing protocol for Ad hoc on demand distance vector (AODV) routing 
protocol known as Identity-based Key Management (IKM) which is a combination of ID- 
based Cryptography and threshold cryptography and authenticates all routing message. 
The IKM system uses certificate less approach where each node derives its public key from 
its network ID and some common shared information. IKM is a secure, lightweight and 
scalable scheme for MANETs. The system identifies compromised node and prevents from 
third party attack which may also include trusted third party attack. In IKM, the data 
packets are publicly seen which is vulnerable to attacksM. Hence to protect the data packets 
to encrypt and decrypt the packets using encryption and decryption algorithm. In 
encryption/decryption algorithm works based on symmetric key. In this key knows only who 
are send and receive the data in network. If the sender or receiver forget the key, the data 
will be lost. Encrypting and decrypting message using public-key cryptography . 


EMULATION ALGORITHM 


In this paper, does not use key concept in prevention, to create software tool using 
emulation algorithm ^k 3 ]. 

(i) Generation 

(ii) Detection 

(iii) Prevention 


These are the modules involved in this paper. 
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4.1 Overall Description: 




Black Hole 




4.2 Generation: 

To generate black hole attack by using various tools. Such that 71 

Medusa: Medusa is one of the best online brute-force, speedy, parallel password 
crackers which is available on the internet. It has been designed by the members of the 
website foofus.net. It is also widely used in Penetration testing to ensure that the 
vulnerability of the system can be exposed and appropriate security measures can be taken 
against hacking. 

Wfuzz: Wfuzz is a flexible tool for brute forcing internet based applications. It 
supports many features like Multithreading, Header brute forcing, Recursion when 
discovering directories, Cookies, Proxy Support, hiding results and encoding the URLs to 
name a few. Wfuzz is a useful tool for finding unlinked resources like scripts, directories 
and servlets as well. 

RainbowCrack: Rainbow Crack as the name suggests, is a cracker for hashes with 
the Rainbow Tables. It runs on multiple operating systems such as Linux, Windows Vista, 
Windows XP (Windows Operating Systems). It supports both Graphical User Interface as 
well as Command line Interface. It's software which is used for password cracking by 
generating rainbow tables, fuzzing all the parameters. 

Brutus: Brutus is one of the most flexible and free password crackers which 
operates remotely. It is popular also because of its high speed and operates under operating 
systems such as Windows 2000, Windows NT and Windows 9x. Currently it does not 
operate under the UNIX operating system. Brutus was initially designed to check network 
devices like routers for common as well as default passwords. 

LOphtCrack: LOphtCrack which is now known as L0phtCrack6, is a tool which tests 
the strength of a password given, as well as to recover lost passwords on Microsoft Windows 
platform. Thus it is a tool for both password recovery as well as auditing the password. It 
uses techniques such as Rainbow tables, brute-force and dictionary to recover passwords. 

Cain and Abel: Cain and Abel, often referred to as Cain, is a tool for recovering the 
password in the Windows platform. It has the capability to recover various kinds of 
passwords using techniques such as cracking the password hashes by using brute-forcing, 
dictionary attacks, crypto analysis attacks and packet sniffing in the network. 
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Kismet: Kismet is a wireless detector system which detects possible intrusion to an 
802.11 layer2 wireless network, it is also a sniffer. There are certain plug-in supported by 
Kismet which enable sniffing media. It also has the capacity to infer whether a non 
beaconing network is present or not via the data traffic in the network and a network is 
identified by this tool by collecting data packets passively, detecting hidden and standard 
named networks. 

InSSIDer: InSSIDer is a network scanner which is used in a Wi-Fi network for the 
Windows Operating System as well as the Apple OS X. It has been developed by MetaGeek, 
LLC. It is used to collect information from both software and a wireless card and is useful in 
selecting the availability of the best wireless channel. It also shows those Wi-Fi network 
channels which overlap with each other. 

Wireshark: If you want to put a security system, Wireshark is the must have 
security tool. It monitors every single byte of the data that is transferred via the network 
system. If you are a network administrator or penetration tester this tool is a must have. 

4.2.1 Firesheep 

In order to log into a website, a user has submit details like his or her username 
and password. The server validates these data and sends back a “cookie”. The websites 
usually encrypts the password however does not encrypt other details which leaves the 
cookie exposed to hacking threats which are also known as HTTP session hijacking. 
Firesheep has a packet sniffer which can intercept the cookies which are encrypted from 
social media sites like Twitter and Facebook and comes with the Firefox web browser. 
Firesheep is available for both the windows and Mac OS X operating system. It would also 
run on the Linux platform in the new future. So, firesheep tool should be used in this 
paperW. 

4.2.2 Work Flow 

In an Http session hijacking attack an attacker steals victims’ cookies. Cookies store 
all the necessary information about one’s account. Using this information can be hack 
anybody’s account and change the password. If get the cookies of the victim that can be 
hack any account the victim is logged into i.e., hack Face book Google, Yahoo, Orkut, Flickr 
etc or any other email account. In order to log into a website, a user Firesheep has a packet 
sniffer which can intercept the cookies which are encrypted from Social Media sites like 
Twitter and Facebook and comes with the Firefox web browser. 

Use firesheep to hack a facebook or any other account, you will need the following 

things: 

• Public wifi access 

• Winpcap 

• Firesheep (Download) 

4.2.3 Method: 

1. First of all download "Firesheep" from the above link and use the "openwith" 
option in the firefox browser. 
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Opening firesheep-0.1 -1 .xpi 


You have chosen to open 
firesheep-0.1-l.Kpi 

which is a: XPInstall Install 
from: http://cloud.github.com 

What should Firefox do with this file? 
© Open with j Firefox 
O Save File 


OK | [ Cancel | 


2. Once you have installed firesheep on firefox web browser, Click on view at the 
top, then goto sidebar and click on Firesheep. 


Facebook - Mozilla Firefox 

View I 


© 

E Fac 


History Bookmarks Tools Help Related Links 

E http: //www. facebook. com/profile. php?id= 1748423333 


acebo 


Toolbars 

✓ Status Bar 
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| Sidebar 
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Stop 

Esc 


Reload 

Ctrl+R 


Zoom 
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Page Style 
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, Character Encoding 
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Page Source 

Ctrl+U 


Full Screen 

Fll 



Bookmarks Ctrl+B 
History Ctrl+H 


Firesheep 5hift+Ctrl+5 


0 Blogger: Le... 



www.mf.iyli.icking.iiticles.blogspot.com 


1^? Messages 
Events 
Jj\ Friends 


Harsh Agrawal is now friends with Sohali Parmar an 


3. Now click on the top left button "Start capturing" and it will start to capture the 
session cookies of people in your wifi network, This will show you the list of those people 
whose cookies are captured and have visited unsecured website known to firesheep, Double 
click on the photo and you will be logged in instantly. 


M ^ ^ MoxihfrtfM 

Uirtilt** • 

" I'g. LLi 



4.3 Detection: 

4.3.1 BlackSheep 

BlackSheep is based on the fireSheep source code. It reuses the same network 
listening back-end and the list of sites and corresponding cookies, etc. This ensures that the 
fake traffic generated by blackSheep is what firesheep is expecting. 

4.3.2 Workflow: 

BlackSheep in action first, install blacksheep here. If you already have firesheep 
installed, make sure it is disabled, otherwise blacksheep will detect that you are using 


145 


Volume 03, Issue 01, Version II, Jan — Mar’ 2016 











































Black Hole Attack Prevention Using Computer Emulation Technique 


fireSheep.Then select the correct network interface in the options menu (same as 
firesheep)®! 10 ]. 

MozilLa Firefox Start Page 

Somebody is using MrcShecp on this network. IP: 10.332.18 
I- 

Web Images Videos f/aps News Shonong W a I morf 

BlackSheep detects the active connection made by firesheep. It does this by making 
HTTP requests to random sites handled by firesheep every 5 minutes (configurable) with 
fake values. 



BlackSheep then listens to all HTTP requests on the network to detect if somebody 
else is using the same fake values. BlackSheep is based on the FireSheep source code. It 
reuses the same network listening back-end and the list of sites and corresponding cookies, 
etc. This ensures that the fake traffic generated by blackSheep is what firesheep is 
expecting. BlackSheep is a Firefox add-on which warns users if someone is using firesheep 
on their network. It also indicates the IP address of the machine that is spying on you. 
BlackSheep does not break firesheep or try to disable it. Another program, which won't even 
name, has been released that tries to interfere with Firesheep by flooding the network with 
garbage. This strikes me as irresponsible. In contrast, BlackSheep is well behaved, sending 
out just a few packets every five minutes (an interval that can be adjusted). 

4.4 Prevention: 

4.4.1 Emulation Algorithm: 

The standard definition for emulation is “try to be equal or better then someone or 
something”^. An emulator is thus someone or something who or which emulates someone 
or something else. The emulators are how the information about the emulated system can 
be obtained. Either from known sources in Internet which contains information about the 
system (for example most of the CPU information can be found in the web pages of the 
corporations which make it), or using reverse engineering techniques when the information 
is not available. It can get the source code (raw bytes) and in a fetch decode-execute loop 
read each byte^.The emulation of the memory and communication with the devices (10 or 
input/output) is also very important for the performance of the emulator. The memory for 
example is accessed very frequently, in some old architectures with a small register bank it 
can be accessed in each instruction. The 10 ports are less accessed but as they are used for 
communicating with the other devices in the machine their implementation use to be 
slower [6] [2] [3] [5] . 

4.4.2 Work Flow 

To implement the emulator algorithm in hacker system through their IP address^. 
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To configure the emulator 1 1 12 \ 



CONCLUSION AND FUTURE ENHANCEMENTS 

In IKM, the data packets are publicly seen which is vulnerable to attacks. So, to 
develop the software tool. One of the black hole attack that can be generated by firesheep 
tool, it is having high vulnarability chances on the victim device. It can be detected by using 
blacksheep tool. It display the warning message on the browser. By implementing 
emulation algorithm that can be reproduce the original web page from the attacking web 
page. To avoid data loss on network, in emulation algorithm tool that are connected to the 
network, it's automatically avoid data loss. In emulation algorithm only used for prevent 
data loss, hence to prevent the hardware crahes in any of the technique. 
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